CVE-2019-3740

Published: Sep 18, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.

Affected (47)

Products: Dell: Bsafe Cert J, Bsafe Crypto J, Bsafe Ssl J · Oracle: Application Performance Management, Communications Network Integrity, Communications Unified Inventory Management, Database, Global Lifecycle Management Opatch, Goldengate, Retail Assortment Planning, Retail Integration Bus, Retail Predictive Application Server, Retail Service Backbone, Retail Store Inventory Management, Retail Xstore Point Of Service, Storagetek Acsls, Storagetek Tape Analytics Sw Tool, Weblogic Server

3 products

15 products

Application Performance Management

Communications Network Integrity

Communications Unified Inventory Management

Database

Global Lifecycle Management Opatch

Goldengate

Retail Assortment Planning

Retail Integration Bus

Retail Predictive Application Server

Retail Service Backbone

Retail Store Inventory Management

Retail Xstore Point Of Service

Storagetek Acsls

Storagetek Tape Analytics Sw Tool

Weblogic Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Dell Bsafe Cert J	Up to 6.2.4
Dell Bsafe Crypto J	Before 6.2.5
Dell Bsafe Ssl J	Up to 6.2.4.1

Configuration B

44 vulnerable

Vulnerable Software	Affected Versions
Oracle Application Performance Management	Version 13.3.0.0
Oracle Application Performance Management	Version 13.4.0.0
Oracle Communications Network Integrity	Version 7.3.2
Oracle Communications Network Integrity	Version 7.3.5
Oracle Communications Network Integrity	Version 7.3.6
Oracle Communications Unified Inventory Management	Version 7.3.2
Oracle Communications Unified Inventory Management	Version 7.3.4
Oracle Communications Unified Inventory Management	Version 7.3.5
Oracle Communications Unified Inventory Management	Version 7.4.0
Oracle Communications Unified Inventory Management	Version 7.4.1
Oracle Database	Version 12.1.0.2
Oracle Database	Version 12.2.0.1
Oracle Database	Version 18c
Oracle Database	Version 19c
Oracle Global Lifecycle Management Opatch	Before 12.2.0.1.22
Oracle Goldengate	Before 19.1.0.0.0.210420
Oracle Retail Assortment Planning	Version 15.0.3.0
Oracle Retail Assortment Planning	Version 16.0.3.0
Oracle Retail Integration Bus	Version 14.1
Oracle Retail Integration Bus	Version 15.0
Oracle Retail Integration Bus	Version 16.0
Oracle Retail Predictive Application Server	Version 14.1.3.0
Oracle Retail Predictive Application Server	Version 15.0.3.0
Oracle Retail Predictive Application Server	Version 15.0
Oracle Retail Predictive Application Server	Version 16.0.3.0
Oracle Retail Service Backbone	Version 14.1
Oracle Retail Service Backbone	Version 15.0
Oracle Retail Service Backbone	Version 16.0
Oracle Retail Store Inventory Management	Version 14.0.4
Oracle Retail Store Inventory Management	Version 14.1.3
Oracle Retail Store Inventory Management	Version 15.0.3
Oracle Retail Store Inventory Management	Version 16.0.3
Oracle Retail Xstore Point Of Service	Version 15.0.3
Oracle Retail Xstore Point Of Service	Version 16.0.5
Oracle Retail Xstore Point Of Service	Version 17.0.3
Oracle Retail Xstore Point Of Service	Version 18.0.2
Oracle Retail Xstore Point Of Service	Version 19.0.1
Oracle Storagetek Acsls	Version 8.5.1
Oracle Storagetek Tape Analytics Sw Tool	Version 2.3
Oracle Weblogic Server	Version 10.3.6.0.0
Oracle Weblogic Server	Version 12.1.3.0.0
Oracle Weblogic Server	Version 12.2.1.3.0
Oracle Weblogic Server	Version 12.2.1.4.0
Oracle Weblogic Server	Version 14.1.1.0.0